CVE-2010-5298 — Race Condition in OpenSSL
Severity
4.0 MEDIUM (NVD)
EPSS
10.7%
top 6.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 14
Latest update: May 14
Description
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
CVSS vector
AV:N/AC:H/C:N/I:P/A:P
Exploitability: 4.9 | Impact: 4.9
Affected Packages: 8 packages
Also affects: Fedora 19, 20
Patches
Vulnerability Details (4)
Vendor Advisories (5)
Debian
CVE-2010-5298: openssl - Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.... (2010)
Community (4)
Bugzilla
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [epel-7] (2014-08-07)
Bugzilla
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 openssl: various flaws [fedora-all] (2014-05-09)
Bugzilla
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [fedora-all] (2014-05-09)